Polymarket hit by $2.9M theft, users to be refunded

Polymarket hit by $2.9M theft, users to be refunded

Polymarket said it contained the compromise and removed the affected dependency after attackers injected a malicious script into its frontend.

Source: Specter Crypto exploit losses climbed to $74.9 million across 29 reported incidents in June, surpassing May’s $60.5 million total but remaining far below April’s $644 million, according to DefiLlama data.

Total value hacked by monthly sum, 1-year chart. Source: DefiLlama.

The largest June incidents included:

• The $36 million Humanity Protocol exploit
• The $4.7 million Secret Network bridge exploit
• Two separate Aztec exploits worth $2.1 million each
• A $1.7 million bridge exploit on Taiko

Related: About 60% of World Cup bettors on Polymarket are first-time crypto users

Over the past 30 days, private key compromises accounted for 43% of reported exploit losses, making them the leading attack vector, according to DefiLlama. Fake proof exploits accounted for 10%, followed by reverse MEV honeypots at 8%, which present deceptive trading opportunities to lure and manipulate automated trading bots.

About a month before Polymarket's latest attack, the prediction market disclosed a separate $600,000 exploit that was traced to a six-year-old private key used for internal top-up operations. Josh Stevens, Polymarket's vice president of engineering, said the platform's contracts and user funds remained safe and that all permissions tied to the key had since been revoked.

Total value hacked by technique over the past 30 days. Source: DefiLlama

Polymarket currently holds over $450 million in total value locked, up 301% from $112 million a year ago, according to DefiLlama.

Magazine: Should users be allowed to bet on war and death in prediction markets?